ISO/IEC 27000:2022 Terminology

Last modified 13 Feb 2024 16:42 +01:00

ISO/IEC 27000 Information technology - Security techniques - Information security management systems is a series of international standard specifying best practice on information security management systems (ISMS). It describes management of information risks through information security controls.

First part of the series (ISO/IEC 27000:2022 Information technology - Security techniques - Information security management systems - Overview and vocabulary) specifies the terminology and concepts for ISMS, in order to promote a common understanding of cybersecurity management concepts.

Vast majority of ISO/IEC 27000 vocabulary is consistent with the terminology used by Evolveum. Following table summarizes the correspondence of ISO/IEC 27000 and Evolveum terms.

ISO 27000 TermEvolveum Term
access control Access Control
attack Cyberattack
audit Audit
audit scope Audit scope
authentication Authentication
authenticity Authenticity
competence Competence
confidentiality Confidentiality
conformity Compliance
consequence Consequence
continual improvement Continual improvement
control Control
control objective Control objective
correction Remediation
corrective action Corrective action
documented information Documented information
effectiveness Effectiveness
event Event
external context External context
governance of information security Cybersecurity governance
governing body Governing body
information need Information need
information processing facilities Information processing facilities
information security Cybersecurity
information security continuity Cybersecurity resilience
information security event Cybersecurity event
information security incident Cybersecurity incident
information security incident management Cybersecurity incident management
information security professional Cybersecurity professional
information system Information system
integrity integrity
interested party Interested party
internal context Internal context
level of risk Risk level
likelihood Probability
management system Management
monitoring Monitoring
non-repudiation Non-repudiation
nonconformity Non-compliance
objective Objective
organization Organization
outsource Outsourcing
performance Performance
policy Policy
process Process
reliability Reliability
requirement Requirement
residual risk Residual risk
review Review
review object Review object
review objective Review objective
risk Risk
risk acceptance Risk acceptance
risk analysis Risk analysis
risk assessment Risk assessment
risk communication and consultation Risk communication
risk criteria Risk criteria
risk evaluation Risk evaluation
risk identification Risk identification
risk management Risk management
risk management process Risk management process
risk owner Risk owner
risk treatment Risk treatment
security implementation standard Cybersecurity standard
threat Threat
top management Top management
vulnerability Vulnerability
Was this page helpful?
Thanks for your feedback